List of usage examples for org.bouncycastle.asn1.x509 GeneralName toASN1Primitive
public ASN1Primitive toASN1Primitive()
From source file:com.itextpdf.signatures.CertificateUtil.java
License:Open Source License
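/**
 * Gets the URL of the Certificate Revocation List for a Certificate.
 *
 * <p>Only distribution points named by a {@code fullName} are inspected, and the first
 * {@code uniformResourceIdentifier} entry found is returned. A distribution point that
 * carries no name at all is skipped instead of causing a {@link NullPointerException}.
 *
 * <p>The returned string is copied unchanged from the certificate, so it is untrusted
 * input until the certificate itself has been validated. Callers that fetch it should
 * restrict the scheme and destination first.
 *
 * @param certificate the Certificate
 * @return the String where you can check if the certificate was revoked, or {@code null}
 *         when the extension is absent, unreadable, or holds no URI
 * @throws CertificateParsingException declared by the signature; nothing in this body
 *         visibly raises it (NOTE(review): confirm against getExtensionValue)
 */
public static String getCRLURL(X509Certificate certificate) throws CertificateParsingException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
    } catch (IOException e) {
        // An extension that cannot be read is handled like a missing one.
        obj = null;
    }
    if (obj == null) {
        return null;
    }
    CRLDistPoint dist = CRLDistPoint.getInstance(obj);
    DistributionPoint[] dists = dist.getDistributionPoints();
    for (DistributionPoint p : dists) {
        DistributionPointName distributionPointName = p.getDistributionPoint();
        // The distributionPoint field is OPTIONAL (RFC 5280, 4.2.1.13): a point that only
        // names a cRLIssuer has no DistributionPointName, so guard before dereferencing.
        if (distributionPointName == null
                || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }
        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        GeneralName[] names = generalNames.getNames();
        for (GeneralName name : names) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            // The URI is an implicitly tagged IA5String inside the GeneralName.
            DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
            return derStr.getString();
        }
    }
    return null;
}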
From source file:com.itextpdf.text.pdf.security.CertificateUtil.java
License:Open Source License
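/**
 * Gets the URL of the Certificate Revocation List for a Certificate.
 *
 * <p>Walks the CRL Distribution Points extension and returns the first
 * {@code uniformResourceIdentifier} found under a {@code fullName} distribution point.
 * Distribution points without any name are ignored.
 *
 * <p>The value is taken as-is from the certificate and is not checked here. Treat it as
 * untrusted and validate scheme and host before using it to download a CRL.
 *
 * @param certificate the Certificate
 * @return the String where you can check if the certificate was revoked, or {@code null}
 *         when the extension is absent, unreadable, or holds no URI
 * @throws CertificateParsingException declared by the signature; nothing in this body
 *         visibly raises it (NOTE(review): confirm against getExtensionValue)
 */
public static String getCRLURL(X509Certificate certificate) throws CertificateParsingException {
    ASN1Primitive obj;
    try {
        obj = getExtensionValue(certificate, Extension.cRLDistributionPoints.getId());
    } catch (IOException e) {
        // Best effort: an undecodable extension yields "no URL".
        obj = null;
    }
    if (obj == null) {
        return null;
    }
    CRLDistPoint dist = CRLDistPoint.getInstance(obj);
    for (DistributionPoint p : dist.getDistributionPoints()) {
        DistributionPointName distributionPointName = p.getDistributionPoint();
        // distributionPoint is OPTIONAL in RFC 5280, so the accessor can return null for a
        // point that only carries reasons/cRLIssuer; skip it rather than throw.
        if (distributionPointName == null) {
            continue;
        }
        if (DistributionPointName.FULL_NAME != distributionPointName.getType()) {
            continue;
        }
        GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
        for (GeneralName name : generalNames.getNames()) {
            if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            // Unwrap the implicitly tagged IA5String that holds the URI.
            DERIA5String derStr = DERIA5String.getInstance((ASN1TaggedObject) name.toASN1Primitive(), false);
            return derStr.getString();
        }
    }
    return null;
}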
From source file:eu.europa.ec.markt.dss.DSSUtils.java
License:Open Source License
/**
 * Looks up an access location URI in the Authority Information Access extension.
 *
 * <p>Entries whose access method differs from {@code accessMethod}, or whose location is
 * not a {@code uniformResourceIdentifier}, are ignored. The first location accepted by
 * {@code Protocol.isHttpUrl} wins; if none is, the last matching URI is returned.
 *
 * <p>The string is copied from the certificate without validation.
 *
 * @param certificate  certificate whose AIA extension is read
 * @param accessMethod access method OID to match
 * @return the chosen URI, or {@code null} when the extension is missing, holds no match,
 *         or cannot be read
 */
private static String getAccessLocation(final X509Certificate certificate,
        final ASN1ObjectIdentifier accessMethod) {
    final byte[] aiaValue = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
    if (aiaValue == null) {
        return null;
    }
    try {
        // The extension value is an OCTET STRING wrapping the real AIA structure.
        final ASN1InputStream outerStream = new ASN1InputStream(new ByteArrayInputStream(aiaValue));
        final DEROctetString wrapper = (DEROctetString) outerStream.readObject();
        outerStream.close();

        final ASN1InputStream innerStream = new ASN1InputStream(wrapper.getOctets());
        final AuthorityInformationAccess aia = AuthorityInformationAccess
                .getInstance(innerStream.readObject());
        innerStream.close();

        String candidate = null;
        for (final AccessDescription description : aia.getAccessDescriptions()) {
            if (description.getAccessMethod().equals(accessMethod)) {
                final GeneralName location = description.getAccessLocation();
                if (location.getTagNo() == GeneralName.uniformResourceIdentifier) {
                    final DERTaggedObject tagged = (DERTaggedObject) location.toASN1Primitive();
                    candidate = ((DERIA5String) tagged.getObject()).getString();
                    // The HTTP protocol is preferred, so stop at the first HTTP URL.
                    if (Protocol.isHttpUrl(candidate)) {
                        break;
                    }
                }
            }
        }
        return candidate;
    } catch (final IOException e) {
        // Deliberately ignored: a read failure is reported as "no location".
        return null;
    }
}
From source file:eu.europa.ec.markt.dss.validation102853.crl.CommonCRLSource.java
License:Open Source License
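/**
 * Gives back the {@code List} of CRL URI meta-data found within the given X509 certificate.
 *
 * <p>Only {@code fullName} distribution points are read; distribution points without a
 * name are skipped. The collected URLs are passed to {@code prioritize} before returning.
 * The URLs come from the certificate unchanged and are not validated here.
 *
 * @param certificateToken  the X509 certificate
 * @param preferredProtocol indicates the preferred protocol to use to retrieve the revocation data
 * @return the {@code List} of CRL URI, or {@code null} if the extension is not present
 * @throws DSSException in the case of any {@code Exception}
 */
public List<String> getCrlUrl(final CertificateToken certificateToken, final Protocol preferredProtocol)
        throws DSSException {
    final byte[] crlDistributionPointsBytes = certificateToken.getCRLDistributionPoints();
    if (null == crlDistributionPointsBytes) {
        if (LOG.isTraceEnabled()) {
            LOG.trace("CRL's URL(s) for {} : there is no distribution point(s) extension!",
                    certificateToken.getAbbreviation());
        }
        return null;
    }
    try {
        final List<String> urls = new ArrayList<String>();
        final ASN1Sequence asn1Sequence = DSSASN1Utils
                .getAsn1SequenceFromDerOctetString(crlDistributionPointsBytes);
        final CRLDistPoint distPoint = CRLDistPoint.getInstance(asn1Sequence);
        final DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
        for (final DistributionPoint distributionPoint : distributionPoints) {
            final DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
            // distributionPoint is OPTIONAL (RFC 5280, 4.2.1.13). Without this guard one
            // nameless entry raised a NullPointerException, which the catch below turned
            // into a DSSException and so discarded every other URL in the certificate.
            if (distributionPointName == null) {
                continue;
            }
            if (FULL_NAME != distributionPointName.getType()) {
                LOG.warn("'nameRelativeToCRLIssuer': not supported!");
                continue;
            }
            final GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
            final GeneralName[] names = generalNames.getNames();
            for (final GeneralName name : names) {
                if (uniformResourceIdentifier != name.getTagNo()) {
                    LOG.warn("Not a uniform resource identifier!");
                    continue;
                }
                ASN1Primitive asn1Primitive = name.toASN1Primitive();
                // Unwrap the context tag when present to reach the IA5String.
                if (asn1Primitive instanceof DERTaggedObject) {
                    final DERTaggedObject taggedObject = (DERTaggedObject) asn1Primitive;
                    asn1Primitive = taggedObject.getObject();
                }
                final DERIA5String derStr = DERIA5String.getInstance(asn1Primitive);
                urls.add(derStr.getString());
            }
        }
        prioritize(urls, preferredProtocol);
        if (LOG.isTraceEnabled()) {
            LOG.trace("CRL's URL for {} : {}", certificateToken.getAbbreviation(), urls);
        }
        return urls;
    } catch (Exception e) {
        // Pass DSSException through untouched; wrap everything else.
        if (e instanceof DSSException) {
            throw (DSSException) e;
        }
        throw new DSSException(e);
    }
}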
From source file:eu.europa.ec.markt.dss.validation102853.crl.OnlineCRLSource.java
License:Open Source License
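/**
 * Gives back the CRL URI meta-data found within the given X509 certificate.
 *
 * <p>All {@code uniformResourceIdentifier} entries under {@code fullName} distribution
 * points are collected; distribution points without a name are skipped. If the
 * {@code preferredProtocol} field is set, the first URL it matches is returned, otherwise
 * the first URL collected. The URL is copied from the certificate and not validated here.
 *
 * @param certificateToken the X509 certificate.
 * @return the CRL URI, or {@code null} if the extension is not present or holds no URI.
 * @throws DSSException if reading the ASN.1 structure fails with an {@code IOException}
 */
public String getCrlUrl(final CertificateToken certificateToken) throws DSSException {
    final byte[] crlDistributionPointsValue = certificateToken.getCRLDistributionPoints();
    if (null == crlDistributionPointsValue) {
        return null;
    }
    ASN1InputStream ais1 = null;
    ASN1InputStream ais2 = null;
    try {
        final List<String> urls = new ArrayList<String>();
        final ByteArrayInputStream bais = new ByteArrayInputStream(crlDistributionPointsValue);
        ais1 = new ASN1InputStream(bais);
        // The extension value is an OCTET STRING wrapping the CRLDistPoint sequence.
        final DEROctetString oct = (DEROctetString) (ais1.readObject());
        ais2 = new ASN1InputStream(oct.getOctets());
        final ASN1Sequence seq = (ASN1Sequence) ais2.readObject();
        final CRLDistPoint distPoint = CRLDistPoint.getInstance(seq);
        final DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
        for (final DistributionPoint distributionPoint : distributionPoints) {
            final DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
            // distributionPoint is OPTIONAL (RFC 5280, 4.2.1.13); a null here used to escape
            // as an uncaught NullPointerException because only IOException is handled below.
            if (distributionPointName == null
                    || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
                continue;
            }
            final GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
            final GeneralName[] names = generalNames.getNames();
            for (final GeneralName name : names) {
                if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                    LOG.debug("Not a uniform resource identifier");
                    continue;
                }
                // Encode once, then unwrap the context tag when present.
                ASN1Primitive primitive = name.toASN1Primitive();
                if (primitive instanceof DERTaggedObject) {
                    primitive = ((DERTaggedObject) primitive).getObject();
                }
                urls.add(DERIA5String.getInstance(primitive).getString());
            }
        }
        if (preferredProtocol != null) {
            for (final String url : urls) {
                if (preferredProtocol.isTheSame(url)) {
                    return url;
                }
            }
        }
        if (!urls.isEmpty()) {
            return urls.get(0);
        }
        return null;
    } catch (IOException e) {
        throw new DSSException(e);
    } finally {
        DSSUtils.closeQuietly(ais1);
        DSSUtils.closeQuietly(ais2);
    }
}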
From source file:eu.europa.ec.markt.dss.validation102853.ocsp.OnlineOCSPSource.java
License:Open Source License
/**
 * Gives back the OCSP URI meta-data found within the given X509 cert.
 *
 * <p>Returns the first Authority Information Access entry whose access method is OCSP and
 * whose location is a {@code uniformResourceIdentifier}. The URI is copied from the
 * certificate unchanged; no validation is performed here.
 *
 * @param certificate the X509 cert.
 * @return the OCSP URI, or <code>null</code> if the extension is not present or has no
 *         matching entry.
 * @throws DSSException if reading the ASN.1 structure fails with an {@code IOException}
 */
public String getAccessLocation(final X509Certificate certificate) throws DSSException {
    final byte[] aiaValue = certificate.getExtensionValue(X509Extension.authorityInfoAccess.getId());
    if (aiaValue == null) {
        return null;
    }
    ASN1InputStream outerStream = null;
    ASN1InputStream innerStream = null;
    try {
        outerStream = new ASN1InputStream(new ByteArrayInputStream(aiaValue));
        // Extension values arrive wrapped in an OCTET STRING.
        final DEROctetString wrapper = (DEROctetString) outerStream.readObject();
        innerStream = new ASN1InputStream(wrapper.getOctets());
        final AuthorityInformationAccess aia = AuthorityInformationAccess
                .getInstance(innerStream.readObject());
        for (AccessDescription description : aia.getAccessDescriptions()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Access method: " + description.getAccessMethod());
            }
            if (!description.getAccessMethod().equals(X509ObjectIdentifiers.ocspAccessMethod)) {
                continue;
            }
            final GeneralName location = description.getAccessLocation();
            if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Not a uniform resource identifier");
                }
                continue;
            }
            final DERTaggedObject tagged = (DERTaggedObject) location.toASN1Primitive();
            final String uri = ((DERIA5String) tagged.getObject()).getString();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Access location: " + uri);
            }
            return uri;
        }
        return null;
    } catch (IOException e) {
        throw new DSSException(e);
    } finally {
        DSSUtils.closeQuietly(outerStream);
        DSSUtils.closeQuietly(innerStream);
    }
}
From source file:eu.europa.esig.dss.client.crl.OnlineCRLSource.java
License:Open Source License
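/**
 * Gives back the {@code List} of CRL URI meta-data found within the given X509 certificate.
 *
 * <p>Only {@code fullName} distribution points are read; distribution points without a
 * name are skipped. The collected URLs are passed to {@code prioritize} before returning.
 * They are copied from the certificate unchanged and are not validated here.
 *
 * @param certificateToken
 *            the X509 certificate
 * @return the {@code List} of CRL URI, or {@code null} if the extension is not present
 * @throws DSSException
 *             if anything fails while decoding the extension
 */
public List<String> getCrlUrl(final CertificateToken certificateToken) throws DSSException {
    final String id = Extension.cRLDistributionPoints.getId();
    final byte[] crlDistributionPointsBytes = certificateToken.getCertificate().getExtensionValue(id);
    if (null == crlDistributionPointsBytes) {
        return null;
    }
    try {
        final List<String> urls = new ArrayList<String>();
        final ASN1Sequence asn1Sequence = DSSASN1Utils
                .getAsn1SequenceFromDerOctetString(crlDistributionPointsBytes);
        final CRLDistPoint distPoint = CRLDistPoint.getInstance(asn1Sequence);
        final DistributionPoint[] distributionPoints = distPoint.getDistributionPoints();
        for (final DistributionPoint distributionPoint : distributionPoints) {
            final DistributionPointName distributionPointName = distributionPoint.getDistributionPoint();
            // distributionPoint is OPTIONAL (RFC 5280, 4.2.1.13). Without this guard one
            // nameless entry raised a NullPointerException, which the catch below wrapped
            // in a DSSException, losing the URLs of every other distribution point.
            if (distributionPointName == null
                    || DistributionPointName.FULL_NAME != distributionPointName.getType()) {
                continue;
            }
            final GeneralNames generalNames = (GeneralNames) distributionPointName.getName();
            final GeneralName[] names = generalNames.getNames();
            for (final GeneralName name : names) {
                if (name.getTagNo() != GeneralName.uniformResourceIdentifier) {
                    LOG.debug("Not a uniform resource identifier");
                    continue;
                }
                ASN1Primitive asn1Primitive = name.toASN1Primitive();
                // Unwrap the context tag when present to reach the IA5String.
                if (asn1Primitive instanceof DERTaggedObject) {
                    final DERTaggedObject taggedObject = (DERTaggedObject) asn1Primitive;
                    asn1Primitive = taggedObject.getObject();
                }
                final DERIA5String derStr = DERIA5String.getInstance(asn1Primitive);
                urls.add(derStr.getString());
            }
        }
        prioritize(urls);
        return urls;
    } catch (Exception e) {
        // Pass DSSException through untouched; wrap everything else.
        if (e instanceof DSSException) {
            throw (DSSException) e;
        }
        throw new DSSException(e);
    }
}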
From source file:eu.europa.esig.dss.client.ocsp.OnlineOCSPSource.java
License:Open Source License
/**
 * Gives back the OCSP URI meta-data found within the given X509 cert.
 *
 * <p>Returns the first Authority Information Access entry whose access method is OCSP and
 * whose location is a {@code uniformResourceIdentifier}. The URI is copied from the
 * certificate unchanged; no validation is performed here.
 *
 * @param certificate
 *            the cert token.
 * @return the OCSP URI, or <code>null</code> if the extension is not present or has no
 *         matching entry.
 * @throws DSSException
 *             if reading the ASN.1 structure fails with an {@code IOException}
 */
public String getAccessLocation(final CertificateToken certificate) throws DSSException {
    final byte[] aiaValue = certificate.getCertificate()
            .getExtensionValue(Extension.authorityInfoAccess.getId());
    if (ArrayUtils.isEmpty(aiaValue)) {
        return null;
    }
    ASN1InputStream outerStream = null;
    ASN1InputStream innerStream = null;
    try {
        outerStream = new ASN1InputStream(aiaValue);
        // Extension values arrive wrapped in an OCTET STRING.
        final DEROctetString wrapper = (DEROctetString) outerStream.readObject();
        innerStream = new ASN1InputStream(wrapper.getOctets());
        final AuthorityInformationAccess aia = AuthorityInformationAccess
                .getInstance(innerStream.readObject());
        for (AccessDescription description : aia.getAccessDescriptions()) {
            if (logger.isDebugEnabled()) {
                logger.debug("Access method OID : " + description.getAccessMethod());
            }
            if (!X509ObjectIdentifiers.ocspAccessMethod.equals(description.getAccessMethod())) {
                continue;
            }
            final GeneralName location = description.getAccessLocation();
            if (location.getTagNo() != GeneralName.uniformResourceIdentifier) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Not a uniform resource identifier");
                }
                continue;
            }
            final DERTaggedObject tagged = (DERTaggedObject) location.toASN1Primitive();
            final String uri = ((DERIA5String) tagged.getObject()).getString();
            if (logger.isDebugEnabled()) {
                logger.debug("Access location: " + uri);
            }
            return uri;
        }
        return null;
    } catch (IOException e) {
        throw new DSSException(e);
    } finally {
        IOUtils.closeQuietly(outerStream);
        IOUtils.closeQuietly(innerStream);
    }
}
From source file:eu.europa.esig.dss.DSSASN1Utils.java
License:Open Source License
/**
 * Collects the caIssuers URIs from the certificate's Authority Information Access extension.
 *
 * <p>Only entries whose access method is {@code id_ad_caIssuers} and whose location is a
 * {@code uniformResourceIdentifier} are kept. The strings are copied from the certificate
 * unchanged; no validation is performed here.
 *
 * @param certificate the certificate token to inspect
 * @return the URIs found (possibly empty), or {@code null} when the extension is absent or
 *         cannot be decoded into an ASN.1 sequence
 */
public static List<String> getAccessLocations(final CertificateToken certificate) {
    final byte[] aiaValue = certificate.getCertificate()
            .getExtensionValue(Extension.authorityInfoAccess.getId());
    if (aiaValue == null) {
        return null;
    }

    // Parse the extension
    final ASN1Sequence aiaSequence;
    try {
        aiaSequence = DSSASN1Utils.getAsn1SequenceFromDerOctetString(aiaValue);
    } catch (DSSException e) {
        return null;
    }

    final AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(aiaSequence);
    final List<String> caIssuerUrls = new ArrayList<String>();
    for (AccessDescription description : aia.getAccessDescriptions()) {
        if (!X509ObjectIdentifiers.id_ad_caIssuers.equals(description.getAccessMethod())) {
            continue;
        }
        final GeneralName location = description.getAccessLocation();
        if (GeneralName.uniformResourceIdentifier != location.getTagNo()) {
            continue;
        }
        final DERTaggedObject tagged = (DERTaggedObject) location.toASN1Primitive();
        caIssuerUrls.add(((DERIA5String) tagged.getObject()).getString());
    }
    return caIssuerUrls;
}
From source file:net.sabamiso.android.revocationtest.crl.RevocationTestUsingCRL.java
License:MIT License
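/**
 * Reads a CRL URL from the certificate's CRL Distribution Points extension (OID 2.5.29.31).
 *
 * <p>Every {@code uniformResourceIdentifier} under a {@code fullName} distribution point is
 * logged, and the last one encountered is returned. Distribution points without a name are
 * skipped. The URL is copied from the certificate unchanged and is not validated here, so
 * callers should check scheme and destination before fetching it.
 *
 * @param cert certificate to inspect
 * @return the last CRL URI found, or {@code null} when the extension is missing, cannot be
 *         decoded by {@code getCRLDistPoint}, or holds no URI
 */
private static String getCRLUrl(X509Certificate cert) {
    byte[] asn1_bytes = cert.getExtensionValue("2.5.29.31"); // CRL Distribution Points OID:"2.5.29.31"
    if (asn1_bytes == null) {
        Log.e(TAG, "cannot find 2.5.29.31...");
        return null;
    }

    CRLDistPoint crldp = getCRLDistPoint(asn1_bytes);
    if (crldp == null) {
        Log.e(TAG, "cannot find CRLDistPoint...");
        return null;
    }

    String url = null;
    for (DistributionPoint dp : crldp.getDistributionPoints()) {
        DistributionPointName dpn = dp.getDistributionPoint();
        // distributionPoint is OPTIONAL (RFC 5280, 4.2.1.13); a point carrying only a
        // cRLIssuer has no name, so guard against null before reading its type.
        if (dpn == null || DistributionPointName.FULL_NAME != dpn.getType()) {
            continue;
        }
        GeneralNames gns = (GeneralNames) dpn.getName();
        for (GeneralName gn : gns.getNames()) {
            if (gn.getTagNo() != GeneralName.uniformResourceIdentifier) {
                continue;
            }
            // The URI is an implicitly tagged IA5String inside the GeneralName.
            DERIA5String der_str = DERIA5String.getInstance((ASN1TaggedObject) gn.toASN1Primitive(), false);
            url = der_str.getString();
            Log.d(TAG, "url=" + url);
        }
    }
    return url;
}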